Decrypting response, using fsockopen to talk to REST API on https

When using fsockopen to build my headers and send a request to a REST API, the response appears to be encrypted. Not sure how to best proceed.

I started using curl to generate the request, but I just couldn’t get the headers right, and the API wasn’t responding. Eventually I used Postman to build a query that returned a valid response.

It looked like:

    GET /my-path/somefunction?page=2&per_page=10 HTTP/1.1
    Host: myhost.com
    Authorization: mykey
    User-Agent: PostmanRuntime/7.13.0
    Accept: */*
    Cache-Control: no-cache
    Postman-Token: fc66e2d0-0199-46ce-9866-88ff49d2d10d,9ccfacf6-ebf0-4f6b-a089-b9dd65587bb4
    accept-encoding: gzip, deflate
    Connection: keep-alive
    cache-control: no-cache

I decided to use fsockopen to generate the headers exactly like the working headers in Postman, as curl wouldn’t work, and I had no way to see the headers curl was sending. The problem is the data coming back is gobbledygook – I’m guessing I am seeing encrypted SSL data coming back?

    // $host, $port, $path and $apiKey are set earlier in the script.
    // The ssl:// wrapper makes PHP negotiate TLS, so everything read from $fp
    // afterwards is already-decrypted HTTP.
    $fp = fsockopen('ssl://' . $host, $port, $errno, $errstr, 10);

    // Request line and headers, mirroring the Postman capture.
    fputs($fp, "GET $path HTTP/1.1\r\n");
    fputs($fp, "Host: $host\r\n");
    fputs($fp, "Authorization: $apiKey\r\n");
    //fputs($fp, "User-Agent: PostmanRuntime/7.13.0\r\n");
    fputs($fp, "Accept: */*\r\n");
    fputs($fp, "Cache-Control: no-cache\r\n");
    //fputs($fp, "Postman-Token: fc66e2d0-0199-46ce-9866-88ff49d2d10d,53b431ae-9046-4546-9bb4-0a0c6fdc54c7\r\n");
    //fputs($fp, "accept-encoding: gzip, deflate\r\n");
    fputs($fp, "Connection: keep-alive\r\n");
    fputs($fp, "cache-control: no-cache\r\n\r\n");   // blank line ends the headers
    //fputs($fp, $data);

    $result = '';
    // feof() only becomes true when the server closes the connection; with
    // Connection: keep-alive that happens at the server's idle timeout, not at
    // the end of the response body.
    while (!feof($fp)) {
        // receive the results of the request
        $result .= fgets($fp, 128);
    }
    fclose($fp);
    echo $result;

I’m wondering how I can decrypt the data I get back?
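Whatever the cause in this particular case, the bytes read from an ssl:// stream are plaintext HTTP, because PHP's wrapper has already handled TLS; a response body that looks like binary noise when echoed is usually compressed (gzip or deflate, as the captured Postman request asked for) and is often also chunked. The following parser, added here as an example and not code from the question, takes a raw HTTP/1.1 response and produces the decoded body; the sample response it parses is constructed inline.

```python
"""
Added example (not from the original post): a minimal parser for a raw
HTTP/1.1 response as read from a socket. It handles the two encodings that
make a body look like garbage when echoed: chunked transfer-encoding and
gzip/deflate content-encoding. The sample response at the bottom is
constructed, not captured from any real API.
"""
import gzip
import zlib


def _dechunk(data: bytes) -> bytes:
    """Reassemble a Transfer-Encoding: chunked body (hex size, CRLF, data, CRLF ...)."""
    out = bytearray()
    pos = 0
    while True:
        nl = data.index(b"\r\n", pos)
        size_field = data[pos:nl].split(b";", 1)[0]  # ignore chunk extensions
        size = int(size_field, 16)
        pos = nl + 2
        if size == 0:
            break  # last chunk; optional trailers follow, which we do not need
        out += data[pos:pos + size]
        pos += size + 2  # skip the chunk data and its trailing CRLF
    return bytes(out)


def parse_http_response(raw: bytes):
    """Split a raw HTTP/1.1 response into (status_code, headers, decoded_body)."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete response: no end of headers")
    lines = head.split(b"\r\n")
    _version, code, *_ = lines[0].decode("ascii").split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower().decode()] = value.strip().decode()

    # Framing: chunked takes precedence over Content-Length (RFC 7230 3.3.3).
    if "chunked" in headers.get("transfer-encoding", "").lower():
        body = _dechunk(body)
    elif "content-length" in headers:
        body = body[: int(headers["content-length"])]

    # Compression: this is the layer that produces the "binary" look.
    encoding = headers.get("content-encoding", "").lower()
    if encoding == "gzip":
        body = gzip.decompress(body)
    elif encoding == "deflate":
        try:
            body = zlib.decompress(body)
        except zlib.error:
            body = zlib.decompress(body, -zlib.MAX_WBITS)  # raw deflate variant
    return int(code), headers, body


def build_sample_response() -> bytes:
    """Constructed sample: a chunked, gzip-compressed JSON body, split into
    two chunks the way a server honouring 'accept-encoding: gzip' might send it."""
    payload = gzip.compress(b'{"page":2,"per_page":10,"items":[]}')
    mid = len(payload) // 2
    chunks = b"".join(
        b"%x\r\n%s\r\n" % (len(part), part) for part in (payload[:mid], payload[mid:])
    ) + b"0\r\n\r\n"
    return (
        b"HTTP/1.1 200 OK\r\n"
        b"Content-Type: application/json\r\n"
        b"Content-Encoding: gzip\r\n"
        b"Transfer-Encoding: chunked\r\n"
        b"\r\n" + chunks
    )


if __name__ == "__main__":
    status, hdrs, body = parse_http_response(build_sample_response())
    print(status, hdrs["content-type"], body.decode())
```

A parser that respects Content-Length or the chunked terminator also knows when the body is complete, which avoids waiting for the server to close a keep-alive connection before returning.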

Ubuntu 16.04 stuck after decrypting drive–probably X not starting because of NVIDIA drivers and dist-upgrade (systemd-logind: failed to get session)

For a while now, I’ve had NVIDIA 418.56, CUDA 10.1, and a 4.4.0-148-generic kernel.

I might have caused issues when I ran dist-upgrade or similar recently; after decrypting the drive, it gets stuck there. This is not an issue with the decryption, as I’ve also tried recovery mode and logging into the root shell, and I could work with the shell right after it asks for the decryption credentials.

Running startx from another tty did not work, so I thought that I needed to reinstall the driver. I upgraded it to 418.67 and rebooted (confirmed by nvidia-smi), but the GUI still would not boot.

The Xorg logs are shown here. An error is seen:

(EE) systemd-logind: failed to get session: PID 1214 does not belong to any known session 

Where do I go from here? I’ve searched about the topic, and the posts were mostly from a few years back, involving Arch Linux and Bumblebee.

Decrypting AES-128-CBC leads to first block being correct, the rest corrupt

I’m currently investigating a piece of software which encrypts its files with AES-128-CBC.

From disassembly it is truly known that the algorithm used is correct (log messages plus calls to the BCrypt library).

The key and IV are static and stored within the executable as a blob of 96 bytes, which is split using a set of XOR loops into 2 blobs of 16 bytes — one for the key, and one for the IV.

I have been able to reproduce the same algorithm and acquire both the key and the IV.

However, when I try to use the acquired data to decrypt the file, either using tiny-aes or the OpenSSL command line tool, I get a piece of the correct decrypted header for the file, containing human-readable text at that, but further just a bunch of zero bytes, and then seemingly the original encrypted data again.

Reading up about CBC on Wikipedia leads to the fact that:

Decrypting with the incorrect IV causes the first block of plaintext to be corrupt but subsequent plaintext blocks will be correct.

However, this seems to be exactly the inverse in my case. Moreover, even if I set the IV to all zeros during decryption, I still get the header, but not the further data.

Am I missing a critical point in how to apply the algorithm properly? Or may it be that the implementation in Windows BCrypt differs from tinyAES and OpenSSL on Linux?
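CBC's error-propagation behaviour is a property of the chaining, not of the block cipher, so it can be checked independently of BCrypt, tiny-aes or OpenSSL. The example below is added here and is not code from the question or from any of those libraries: it builds CBC over a stand-in 16-byte block cipher (a small SHA-256-keyed Feistel network, not secure, chosen only so the example runs without a crypto library) and reports which blocks come out wrong under three error patterns: the correct key and IV, a wrong IV, and a hypothetical encryptor that restarts the chain with the same fixed IV on every block. The last one is a pattern that does produce "first block right, everything after it wrong"; it is shown as one candidate explanation, not as a claim about what the investigated software does. The key, IV and plaintext are constructed values.

```python
"""
Added example (not from the question): CBC chaining over a stand-in block
cipher, used to see which mistake corrupts which blocks. Only the chaining
matters here, so a toy Feistel permutation stands in for AES-128.
"""
import hashlib

BLOCK = 16


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round(key: bytes, rnd: int, half: bytes) -> bytes:
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:8]


def toy_encrypt_block(key: bytes, block: bytes) -> bytes:
    """4-round Feistel permutation on 16 bytes. Stand-in for AES; NOT secure."""
    left, right = block[:8], block[8:]
    for rnd in range(4):
        left, right = right, _xor(left, _round(key, rnd, right))
    return right + left


def toy_decrypt_block(key: bytes, block: bytes) -> bytes:
    """Inverse of toy_encrypt_block: undo the rounds in reverse order."""
    right, left = block[:8], block[8:]
    for rnd in reversed(range(4)):
        left, right = _xor(right, _round(key, rnd, left)), left
    return left + right


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Standard CBC: C_i = E(P_i XOR C_{i-1}), with C_{-1} = IV."""
    assert len(plaintext) % BLOCK == 0, "example uses block-aligned input, no padding"
    out, prev = [], iv
    for i in range(0, len(plaintext), BLOCK):
        prev = toy_encrypt_block(key, _xor(plaintext[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    """Standard CBC: P_i = D(C_i) XOR C_{i-1}, with C_{-1} = IV."""
    out, prev = [], iv
    for i in range(0, len(ciphertext), BLOCK):
        block = ciphertext[i:i + BLOCK]
        out.append(_xor(toy_decrypt_block(key, block), prev))
        prev = block
    return b"".join(out)


def chain_reset_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Hypothetical faulty encryptor that restarts the chain on every block:
    C_i = E(P_i XOR IV). Constructed for illustration; not a claim about BCrypt."""
    return b"".join(
        toy_encrypt_block(key, _xor(plaintext[i:i + BLOCK], iv))
        for i in range(0, len(plaintext), BLOCK)
    )


def corrupted_blocks(expected: bytes, actual: bytes) -> list:
    """Indices of 16-byte blocks where actual differs from expected."""
    return [
        i // BLOCK
        for i in range(0, len(expected), BLOCK)
        if expected[i:i + BLOCK] != actual[i:i + BLOCK]
    ]


def demo() -> dict:
    """Decrypt a 4-block message under each error pattern; return the bad block indices."""
    key = bytes(range(16))            # constructed fixed key, like the question's
    iv = bytes(range(16, 32))         # constructed fixed IV
    plaintext = b"".join(b"block %d of file." % i for i in range(4))  # 4 x 16 bytes
    ct = cbc_encrypt(key, iv, plaintext)
    return {
        "correct": corrupted_blocks(plaintext, cbc_decrypt(key, iv, ct)),
        "wrong_iv": corrupted_blocks(plaintext, cbc_decrypt(key, bytes(16), ct)),
        "wrong_key": corrupted_blocks(plaintext, cbc_decrypt(bytes(16), iv, ct)),
        "chain_reset_encryptor": corrupted_blocks(
            plaintext, cbc_decrypt(key, iv, chain_reset_encrypt(key, iv, plaintext))
        ),
    }


if __name__ == "__main__":
    for name, bad in demo().items():
        print(f"{name:22s} corrupted blocks: {bad}")
```

Running it prints no corrupted blocks for the correct parameters, block 0 only for a wrong IV (the Wikipedia statement), every block for a wrong key, and blocks 1 onward for the chain-reset encryptor. None of these variants produces runs of zero bytes or the original ciphertext, so output like that suggests looking at how much of the file is actually encrypted and where, rather than at the key and IV alone.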

Decrypting external HD via terminal, seems stuck

I originally started to encrypt an external drive via right clicking the image and hitting “encrypt”. It got to about 4% progress when I decided to reverse the process. Running OSX Sierra.

I ran a terminal command and have left it for about 12 hours, and it is still stuck on “pending”.

    +-> Logical Volume Family
        ----------------------------------------------------------
        Encryption Type:         AES-XTS
        Encryption Status:       Unlocked
        Conversion Status:       Converting
        Reversion State:         Pending
        High Level Queries:      Not Fully Secure
        |                        Has Visible Users
        |                        Has Volume Key
        |
        +-> Logical Volume
            ---------------------------------------------------
            Disk:                  disk5
            Status:                Online
            Size (Total):          999489667072 B (999.5 GB)
            Conversion Progress:   Paused
            Revertible:            Yes (unlock and decryption required)
            LV Name:               volume name
            Volume Name:           volume name
            Content Hint:          Apple_HFS

    MacBook-Pro:~ $ diskutil cs list | grep -e "Conversion" -e /Volumes/ volume name

        Conversion Status:       Converting
        Conversion Progress:   Paused

The problem is I can’t wipe the disk, as there is no back up of the data (long story). Is there any way to force the decrypt to continue? If not, should I just go back to finishing the encryption? Or is 12 hours or more to be expected in this process and I should be patient?

Or will the drive still be usable if I simply eject?

Thanks in advance.

Decrypting application data from pcap

Full disclosure: I am a front-end developer with hardly any knowledge of security, trying to complete a security challenge. All the info below I picked up in the last 12 hours, so if it doesn’t make sense, feel free to correct me. Lastly, I don’t consider this cheating because I am not doing the challenge to get a job; I was just bored tonight, but it’s 5:30am and I refuse to be beaten.

So far I have this:

The file is a pcap file. I can open this pcap file in Wireshark and see the TLS handshake. Somehow I am meant to be able to decrypt the application data by generating a private key using the information about the cipher and other info in the ‘Server Hello’ packet.

I have only found one blog post on how to do something similar, and I am thinking that, being in a security challenge, this must be a common type of attack. Does this have a name, and can anybody shed some light on how to go about this?

Wireshark not decrypting SSL: “Can’t load private key from $directory: can’t import pem data: The requested data were not available”

I am trying to decrypt my web browser’s HTTPS traffic using Wireshark. I have set the SSLKEYLOGFILE variable to a file called premaster.txt with the following command: export SSLKEYLOGFILE=/home/username/premaster.txt. The file appears to be created and to contain the relevant information. However, Wireshark, upon startup, gives me the above error Can't load private key from /home/username/premaster.txt: can't import pem data: The requested data were not available and I am unable to decrypt SSL traffic. What could be the cause?
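The wording of that error is worth reading literally: "can't import pem data" is what Wireshark reports when it tries to parse a file as a PEM-encoded RSA private key (the RSA keys list in its TLS/SSL preferences). A file written by a browser through SSLKEYLOGFILE is in the NSS key log format instead, which is plain text with one record per line and is read through the separate "(Pre)-Master-Secret log filename" preference. The checker below is an added example, not part of the question or of Wireshark; it tells the two formats apart and validates each key log record's shape (label, 64-hex-character client random, hex secret). The sample lines in the test are constructed, not real secrets.

```python
"""
Added example (not from the question): a validator for the NSS key log format
that browsers write to $SSLKEYLOGFILE and Wireshark reads via its
"(Pre)-Master-Secret log filename" preference. A PEM private key is a
different thing and goes in Wireshark's RSA keys list instead.
"""
import re

# label -> (hex length of the first field, hex length of the secret; None = depends on cipher suite)
LABELS = {
    "RSA": (16, 96),                           # legacy: 8 bytes of encrypted premaster, 48-byte premaster
    "CLIENT_RANDOM": (64, 96),                 # TLS <= 1.2: 32-byte client random, 48-byte master secret
    "CLIENT_EARLY_TRAFFIC_SECRET": (64, None),  # TLS 1.3 secrets: length follows the suite's hash
    "EARLY_EXPORTER_SECRET": (64, None),
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET": (64, None),
    "SERVER_HANDSHAKE_TRAFFIC_SECRET": (64, None),
    "CLIENT_TRAFFIC_SECRET_0": (64, None),
    "SERVER_TRAFFIC_SECRET_0": (64, None),
    "EXPORTER_SECRET": (64, None),
}
LINE_RE = re.compile(r"^(\S+) ([0-9a-fA-F]+) ([0-9a-fA-F]+)$")


def check_keylog(text: str):
    """Return (ok, problems, record_count) for the contents of a key log file.

    ok is True only when every non-comment line is a well-formed record and
    there is at least one of them."""
    problems, count = [], 0
    if text.lstrip().startswith("-----BEGIN"):
        problems.append("file is PEM (a certificate or private key), not a key log")
        return False, problems, 0
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue  # NSS writes comment lines starting with '#'
        m = LINE_RE.match(line.rstrip("\r"))
        if not m:
            problems.append(f"line {n}: expected '<LABEL> <hex> <hex>'")
            continue
        label, first, secret = m.groups()
        if label not in LABELS:
            problems.append(f"line {n}: unknown label {label!r}")
            continue
        first_len, secret_len = LABELS[label]
        if len(first) != first_len:
            problems.append(f"line {n}: {label} first field must be {first_len} hex chars")
            continue
        if secret_len is not None and len(secret) != secret_len:
            problems.append(f"line {n}: {label} secret must be {secret_len} hex chars")
            continue
        if len(secret) % 2:
            problems.append(f"line {n}: secret has odd hex length")
            continue
        count += 1
    return (not problems and count > 0), problems, count


def check_keylog_file(path: str):
    """Convenience wrapper: validate the file at `path` (e.g. the value of $SSLKEYLOGFILE)."""
    with open(path, "r", encoding="ascii", errors="replace") as fh:
        return check_keylog(fh.read())


if __name__ == "__main__":
    import sys
    ok, problems, count = check_keylog_file(sys.argv[1])
    print(f"{count} valid record(s); ok={ok}")
    for p in problems:
        print("  ", p)
```

If the checker reports a valid key log, the file belongs in the master-secret log preference; if it reports PEM, it is a key or certificate and belongs in the RSA keys list. Note that a key log can only decrypt sessions whose secrets were written while the browser had SSLKEYLOGFILE set, so the browser must be started from the same environment in which the variable was exported.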

Decrypting SSL traffic using Fiddler to see requests being sent by malware written in .NET

I tried to find the GET data of some malware but it appears that this malware is encrypting traffic using SSL.

When I tried to decrypt the SSL data via Fiddler, I always get nothing — only information about the SSL configuration as you can see in the picture.

This is the picture

  • I installed Fiddler’s root certificate;
  • This is .NET malware.

Is there a way to read the data?

Ubuntu 18.04 gets stuck after decrypting on startup & the OS is completely zoomed in

I’ve bought a new laptop today: MSI GL72 7QF

I installed Ubuntu 18.04 without a problem; after rebooting I had to decrypt Ubuntu, which I did. Now it keeps getting stuck at that dialog:

“cryptsetup (nvme0n1p3_crypt): set up successfully”. There are 5 loading dots; it’s stuck at the third dot every time.

(I’m not sure, but I heard it might be that drivers need to be installed?)

However, I can still access Ubuntu by booting with recovery mode, decrypt, normal boot, and I’m in. Now when I’m in Ubuntu everything is super zoomed. I have already checked in the settings, but the zoom function is disabled.

New Ubuntu user, any help would be appreciated.